Technique for maintaining secure network connections

ABSTRACT

A technique for maintaining secure network connections is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise detecting a change of address associated with a first network element. The method may also comprise updating at least one first security configuration at the first network element. The method may further comprise transmitting at least one secure message from the first network element to a second network element, wherein the at least one secure message comprises information associated with the change of address. And the method may comprise updating at least one second security configuration at the second network element based at least in part on the at least one secure message.

FIELD OF THE INVENTION

The present invention relates generally to telecommunications and, more particularly, to a technique for maintaining secure network connections.

BACKGROUND OF THE INVENTION

IP Security (IPsec) is a security architecture for the internet protocol (IP) that includes a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer. IPsec provides security services by enabling a system to select the required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPsec uses two protocols to provide traffic security: Authentication Header (AH) and Encapsulating Security Payload (ESP). For IPsec to work, the sending and receiving devices must share symmetric keying material, which is negotiated and managed through the Internet Security Association and Key Management Protocol (ISAKMP).

A Security Association (SA) is a security-protocol-specific set of parameters that completely defines the services and mechanisms necessary to protect traffic at that security protocol location. These parameters typically include algorithm identifiers, modes, cryptographic keys, etc. An SA is often referred to by its associated security protocol (for example, “ISAKMP SA”, “ESP SA”).

At the initiation of a secure connection between two network elements, they must first negotiate an ISAKMP SA to protect their further negotiations. This ISAKMP SA is then used in negotiating protocol SAs. During the negotiation and establishment of protocol SAs, a security parameter index (SPI) is generated for each SA. The negotiated SAs are typically stored in a security association database (SAD), and an SPI is used together with a destination IP address and a security protocol to uniquely identify an SA. Another database typically maintained by an IPsec-enabled element is a security policy database (SPD), which specifies the policies concerning the disposition of all IP packets. Each IPsec-enabled interface typically maintains separate inbound and outbound databases (SPD and SAD).

In a wireless local area network (WLAN), which has become more and more popular, it is not uncommon for a mobile user to roam among different subnets or from one geographic area to another using different IP addresses. It has become increasingly desirable to support the ability to maintain secure connections without loss of data while a mobile client experiences a change of IP address. However, the current IPsec architecture does not support such an IP address change without terminating the old connection and re-establishing a new one. As a result, a roaming client would encounter inevitable network service disruptions, which is not only inconvenient for the client but also burdensome for the network due to the overhead of repeated security negotiations.

One solution to the loss-of-connection problem is to adopt Mobile IP in an IPsec implementation. With this solution, a mobile client is assigned a relatively permanent Mobile IP address in its home network. When roaming into a foreign network, the client obtains a care-of IP address from a foreign agent and communicates with the rest of the world through the foreign agent. As shown in FIG. 1, when it roams from Network 1 to Network 2, the mobile client has to maintain double tunneling to the Security Server in order not to lose the connection. Mobile IP with double tunneling is highly inefficient and can be especially problematic for a resource-limited mobile unit. In addition, it takes considerable development effort to implement Mobile IP.

In view of the foregoing, it would be desirable to provide a mobility solution which overcomes the above-described inadequacies and shortcomings.

SUMMARY OF THE INVENTION

According to the present invention, a technique for maintaining secure network connections is provided. In one particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise detecting a change of address associated with a first network element. The method may also comprise updating at least one first security configuration at the first network element. The method may further comprise transmitting at least one secure message from the first network element to a second network element, wherein the at least one secure message comprises information associated with the change of address. And the method may comprise updating at least one second security configuration at the second network element based at least in part on the at least one secure message.

In accordance with other aspects of this particular exemplary embodiment of the present invention, a lookup of security associations may not be dependent on any destination address.

In accordance with further aspects of this particular exemplary embodiment of the present invention, the first network element may be a mobile client and the second network element may be a security gateway.

In accordance with still further aspects of this particular exemplary embodiment of the present invention, the first network element and the second network element may be part of a virtual private network (VPN).

In accordance with additional aspects of this particular exemplary embodiment of the present invention, communications between the first network element and the second network element may be based on a security architecture for the internet protocol (IPsec). At least part of the communications between the first network element and the second network element may be based on an internet security association and key management protocol (ISAKMP). The second network element may identify at least one security association based on at least one cookie field in the at least one secure message.

In another particular exemplary embodiment, the technique may be realized by at least one signal embodied in at least one carrier wave for transmitting a computer program of instructions configured to be readable by at least one processor for instructing the at least one processor to execute a computer process for performing the method as recited above.

In yet another particular exemplary embodiment, the technique may be realized by at least one processor readable carrier for storing a computer program of instructions configured to be readable by at least one processor for instructing the at least one processor to execute a computer process for performing the method as recited above.

In still another particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise duplicating, between a second network element and a third network element, information associated with a secure network connection between a first network element and the second network element, wherein a lookup of security associations associated with the secure network connection is not dependent on any destination address. The method may also comprise replacing the second network element with the third network element in the secure network connection with the first network element. The method may further comprise sending at least one secure message from the third network element to the first network element.

In a further particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise configuring a plurality of security gateways such that a lookup of security associations is not dependent on any destination address. The method may further comprise sharing at least one security association among the plurality of security gateways.

In a still further particular exemplary embodiment, the technique may be realized by a system for maintaining secure network connections. The system may comprise means for detecting a change of address associated with a first network element, means for updating at least one first security configuration at the first network element, means for transmitting at least one secure message from the first network element to a second network element, wherein the at least one secure message comprises information associated with the change of address, and means for updating at least one second security configuration at the second network element based on the at least one secure message.

The present invention will now be described in more detail with reference to exemplary embodiments thereof as shown in the accompanying drawings. While the present invention is described below with reference to exemplary embodiments, it should be understood that the present invention is not limited thereto. Those of ordinary skill in the art having access to the teachings herein will recognize additional implementations, modifications, and embodiments, as well as other fields of use, which are within the scope of the present invention as disclosed and claimed herein, and with respect to which the present invention could be of significant utility.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to facilitate a fuller understanding of the present invention, reference is now made to the accompanying drawings, in which like elements are referenced with like numerals. These drawings should not be construed as limiting the present invention, but are intended to be exemplary only.

FIG. 1 is a schematic illustration of a Mobile IP solution adopted in the prior art.

FIG. 2 is a flow chart illustrating an exemplary method for maintaining secure network connections in accordance with an embodiment of the present invention.

FIG. 3 is an illustration of an exemplary IPsec packet in accordance with an embodiment of the present invention.

FIG. 4 is a block diagram illustrating an exemplary system for maintaining secure network connections in accordance with an embodiment of the present invention.

FIG. 5 is a block diagram illustrating an exemplary implementation of High Availability in accordance with an embodiment of the present invention.

FIG. 6 is a block diagram illustrating an exemplary implementation of Group Mode Security in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENT(S)

For illustration purposes, the technique for maintaining secure network connections in accordance with the present invention will be described below with specific reference to IPsec in tunnel mode. However, it should be appreciated that the technique is applicable to any secure network protocol regardless of the mode of operation. As used hereinafter, a “security gateway” refers to any intermediate or terminal system, such as a router, a firewall or a server, that implements the IPsec protocols. A “mobile client” refers to a remote user or unit that communicates with a security gateway using the IPsec protocols. One or more security gateways and mobile clients may form a security network system.

Referring to FIG. 2, there is shown a flow chart illustrating an exemplary method for maintaining secure network connections in accordance with an embodiment of the present invention.

In step 200, Security Association (SA) lookup may be made independent of the destination IP address system-wide.

In the context of IPsec in tunnel mode, an IPsec-processed packet typically has the format illustrated in FIG. 3. The packet contains an Outer IP Header, an IPsec Header, an Inner IP Header and Other Data. The Inner IP Header, which contains the original source and destination addresses, and the Other Data (e.g., payloads) are protected by encryption. The information associated with the encryption and authentication is contained in the IPsec Header. And the Outer IP Header contains the source and destination addresses of the tunnel endpoints. For inbound processing, a security gateway will use the destination IP address in the Outer IP Header, together with the Security Parameter Index (SPI) and the protocol type indicated in the IPsec Header, to look up the appropriate SA(s) in a local SA Database (SAD). The appropriate SA or SA bundle is then used in authenticating and decrypting the packet.

When SA lookup is made independent of the destination IP address, the SPI alone may be used to uniquely identify an SA within a protocol. This requires that a receiving node allocate SPIs so that no two of its inbound SAs for the same protocol share an SPI, whichever peer they belong to. This system-wide change may offer a number of advantages. For example, since inbound processing is no longer dependent on the destination IP address, a change of outer IP address would not affect a security gateway's ability to locate the correct SA(s). Further, with the removal of the dependency on the destination IP address, the same SA may be shared among multiple IPsec tunnels and multiple nodes in a group. The resulting High Availability and Group Mode Security will be described in more detail below.

In step 202, a mobile client may detect its own IP address change. As a mobile client moves into a different network or geographic area, its IP address may change to a different value. The change of address may also result from a switch of network adapters, e.g., from a WLAN card to a LAN card or vice versa. As the mobile client detects the change, it may keep a record of the new address as well as the old address.

In step 204, the mobile client may update its own ISAKMP SAs and IPsec SAs with the new IP address.

Next, in step 206, the mobile client may use a current ISAKMP SA to send a NOTIFY message to a security gateway with which the client has been maintaining a secure connection. The NOTIFY message may contain at least the client's old IP address and new IP address. The NOTIFY message may also include a sequence number to ensure reliable delivery and detection of duplicate packets. The contents of the NOTIFY message are encrypted and integrity-protected under the ISAKMP SA. The ISAKMP NOTIFY message may be subject to the same retry and timeout rules as other ISAKMP messages.

In step 208, upon receiving the NOTIFY message, the security gateway may locate the appropriate ISAKMP SA based on the cookie fields in the ISAKMP header. The cookie fields uniquely identify the SA associated with the NOTIFY message. The appropriate SA may then be applied to process the secure NOTIFY message and extract the old and new IP addresses.

In step 210, the security gateway may then update its SADs based on the old and new IP addresses of the mobile client. According to embodiments of the invention, it may be more desirable to update the security gateway's SADs based on a secure NOTIFY message from the mobile client rather than based on inbound data carrying the new IP address. Updating the outbound SAD or the ISAKMP SAs from an outer IP header would expose the security gateway to denial of service (DoS) attacks, since the outer IP header of a tunnel-mode ESP packet is not covered by an integrity check such as a hash-based message authentication code (HMAC): anyone able to spoof a source address could redirect the gateway's outbound traffic for that tunnel. Further, the security gateway might need to forward data to the client before any inbound data is received.

In step 212, after the security gateway is updated with the new IP address of the mobile client, the IPsec connection may be maintained. IP traffic can continue flowing in both directions between them without disruption. Once the mobile client receives data packets destined to the new IP address, it will know that the update of the new IP address has succeeded.

Referring now to FIG. 4, there is shown a block diagram illustrating an exemplary system (400) for maintaining secure network connections in accordance with an embodiment of the present invention. The System 400 may be any network element (e.g., a remote unit, router or server) that implements the IPsec protocols. The System 400 typically comprises a processor module 402, a storage module 404 and a transceiver module 406. The processor module 402 may be a central processing unit (CPU), micro-controller, digital signal processing (DSP) unit, or computer with packet-processing and hardware-control functions. The storage module 404 may be a storage device, such as a semiconductor memory, nonvolatile memory, hard disk drive, CD-ROM or similar, that is accessible by the processor module 402. Storage module 404 may hold data records including SADs, SPDs, IP addresses, etc. The transceiver module 406 may be capable of transmitting and receiving data packets. In operation, the processor module 402 may follow the IPsec protocols, including ISAKMP, in accordance with the exemplary method described above. System 400 depicts the typical components of either a mobile client or a security gateway. As a mobile client, the processor module 402 may detect its IP address change, store the old and new addresses in the storage module 404, update the local SADs with the new address, and send an ISAKMP NOTIFY message, via the transceiver module 406, to a security gateway. As a security gateway, the processor module 402 may receive the ISAKMP NOTIFY message via the transceiver module 406, look up the ISAKMP SA in the storage module 404 based on the cookie pair in the NOTIFY message, decrypt the message with the ISAKMP SA, and update the local SADs based on the old and new IP addresses.

As mentioned above, removal of the dependency on the destination IP address makes it possible to achieve High Availability and Group Mode Security. These two implementations are described in connection with FIGS. 5 and 6.

FIG. 5 is a block diagram illustrating an exemplary implementation of High Availability in accordance with an embodiment of the present invention. In FIG. 5, there is shown a Mobile Client 500 maintaining a secure connection with a Security Server 502 via an IPsec Tunnel 52. When the IPsec connection is established between Mobile Client 500 and Security Server 502, a copy of the IPsec SAs and the ISAKMP SAs may be sent via a secure path 56 to a Security Server 504. During the life of the connection between Client 500 and Server 502, any changes in their security configurations may be securely duplicated to Server 504. For the takeover to be seamless, the duplicated state must include the ESP sequence counters and the ISAKMP message identifiers and not only the keys; otherwise the first packets from Server 504 will fall inside Client 500's anti-replay window and be dropped. At the same time, Server 504 may constantly monitor the operation of Server 502. When Server 502 fails, Server 504 may send an ISAKMP NOTIFY message to Client 500 indicating that the connection will be taken over by Server 504. Since Server 504 is up to date with all the security information concerning the connection between Client 500 and Server 502, Client 500 will be able to decrypt the NOTIFY message and start forwarding traffic to Server 504 without re-establishing an IPsec connection. And since there is no SA dependency on the destination IP address, Server 504 should be able to communicate with Client 500 via IPsec Tunnel 54 in exactly the same way as Server 502 did. As a result, Client 500 may experience minimal impact from the failure of Server 502.
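The following Python is an added example, not the patent's code, that plays the whole sequence through: steps 202 to 212 (the client's ADDRESS_CHANGE NOTIFY, the gateway's cookie-based SA selection and its SAD update) followed by the FIG. 5 takeover (SA state mirrored to a standby, which then announces itself under the same ISAKMP SA). ISAKMP is reduced to a toy: an SA is a cookie pair plus a shared key, and a NOTIFY is a JSON body carrying a sequence number and the old and new addresses, authenticated with HMAC-SHA256. Real ISAKMP also encrypts; only integrity and replay checking are modelled here because they are what make the step 210 update safe. Every class name, address, cookie, SPI and key is constructed for the example.

```python
"""Added example (not the patent's code): the NOTIFY exchange of steps 202-212 and the
FIG. 5 takeover. Toy ISAKMP model: an SA is a cookie pair plus a shared key; a NOTIFY is a
JSON body (sequence number, old/new address) tagged with HMAC-SHA256. Real ISAKMP also
encrypts; only the integrity and replay checks are modelled. All values are constructed."""
import copy
import hashlib
import hmac
import json

ESP = 50  # IP protocol number of ESP

class IsakmpSa:
    # One end of an ISAKMP SA: cookie pair, shared key, per-direction sequence numbers.
    def __init__(self, icookie: bytes, rcookie: bytes, key: bytes):
        self.cookies, self.key = (icookie, rcookie), key
        self.send_seq, self.recv_seq = 0, 0  # last sent / highest accepted

    def protect(self, payload: dict) -> dict:
        self.send_seq += 1
        body = json.dumps({"seq": self.send_seq, **payload}, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"cookies": [c.hex() for c in self.cookies], "body": body, "tag": tag}

    def verify(self, msg: dict) -> dict:
        tag = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, msg["tag"]):
            raise ValueError("NOTIFY failed integrity check")
        payload = json.loads(msg["body"])
        if payload["seq"] <= self.recv_seq:
            raise ValueError("NOTIFY replayed")
        self.recv_seq = payload["seq"]
        return payload

def cookie_key(msg: dict) -> tuple:
    # Step 208: the cookie pair in the ISAKMP header selects the SA.
    return tuple(bytes.fromhex(c) for c in msg["cookies"])

class SecurityServer:
    def __init__(self, addr: str):
        self.addr = addr
        self.isakmp_sad = {}  # (icookie, rcookie) -> IsakmpSa
        self.ipsec_sad = {}   # (spi, proto) -> peer address; no destination in the key (step 200)

    def handle_notify(self, msg: dict) -> dict:
        # Steps 208-210: select the SA by cookies, verify, then rewrite the peer address.
        # Inbound data never triggers this rewrite: its outer header is unauthenticated (step 210).
        sa = self.isakmp_sad.get(cookie_key(msg))
        if sa is None:
            raise ValueError("unknown ISAKMP SA")
        payload = sa.verify(msg)  # raises on bad MAC or replay before anything changes
        for key, peer in list(self.ipsec_sad.items()):
            if peer == payload["old"]:
                self.ipsec_sad[key] = payload["new"]
        return payload

class MobileClient:
    def __init__(self, addr: str, isakmp: IsakmpSa, gateway: str):
        self.addr, self.isakmp, self.gateway = addr, isakmp, gateway

    def change_address(self, new_addr: str) -> dict:
        # Steps 202-206: record old and new address, send an authenticated NOTIFY.
        old, self.addr = self.addr, new_addr
        return self.isakmp.protect({"type": "ADDRESS_CHANGE", "old": old, "new": new_addr})

    def handle_notify(self, msg: dict) -> None:
        payload = self.isakmp.verify(msg)  # same SA as before the failover
        if payload["type"] == "TAKEOVER" and payload["old"] == self.gateway:
            self.gateway = payload["new"]  # new tunnel endpoint, no renegotiation

def rejected(server: SecurityServer, msg: dict) -> bool:
    try:
        server.handle_notify(msg)
    except ValueError:
        return True
    return False

def roam_then_fail_over() -> dict:
    key, ic, rc = b"\x11" * 32, b"\xaa" * 8, b"\xbb" * 8
    client = MobileClient("10.1.0.7", IsakmpSa(ic, rc, key), "198.51.100.2")
    active, standby = SecurityServer("198.51.100.2"), SecurityServer("198.51.100.4")
    active.isakmp_sad[(ic, rc)] = IsakmpSa(ic, rc, key)
    active.ipsec_sad[(0x1001, ESP)] = client.addr
    notify = client.change_address("10.2.0.9")  # client roams to another subnet
    active.handle_notify(notify)
    # secure path 56 of FIG. 5 (transport assumed secure): mirror the updated SAs
    standby.isakmp_sad = copy.deepcopy(active.isakmp_sad)
    standby.ipsec_sad = dict(active.ipsec_sad)
    forged = dict(notify, body=notify["body"].replace("10.2.0.9", "203.0.113.66"))
    # active fails; the standby announces the takeover under the replicated ISAKMP SA
    takeover = standby.isakmp_sad[(ic, rc)].protect(
        {"type": "TAKEOVER", "old": active.addr, "new": standby.addr})
    client.handle_notify(takeover)
    return {
        "gateway_peer_after_roam": active.ipsec_sad[(0x1001, ESP)],
        "replay_rejected": rejected(active, notify),
        "forged_rejected": rejected(active, forged),
        "client_gateway_after_failover": client.gateway,
        "standby_has_sa": (0x1001, ESP) in standby.ipsec_sad,
    }
```

The two rejected messages are the point of step 210: the gateway rewrites a peer address only after the NOTIFY passes the MAC and sequence checks, so neither a spoofed address nor a replayed NOTIFY can redirect the tunnel. The standby's copy carries the gateway's receive counter as well as the key, which is what lets the client's next NOTIFY still be replay-checked after the failover.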

FIG. 6 is a block diagram illustrating an exemplary implementation of Group Mode Security in accordance with an embodiment of the present invention. Current IPsec is a point-to-point model. With the SA dependency on destination IP addresses, each connection between any two nodes has to be individually configured. For a system with N nodes, N being an integer, a total of N*(N−1)/2 connections must be configured. As the number of nodes increases, the number of connections that have to be individually configured may increase very quickly. For example, for an organization with four branch offices, as shown in FIG. 6, a total of six connections among the four security servers (A through D) must be configured. For a system with 8 nodes, 28 connections are to be configured. However, with the removal of the dependency on the destination IP address, the same SA may be shared among multiple nodes in a group. Any traffic sent among the group nodes may be protected using the same SA. This may make configuration of a large number of branch offices much easier. Sharing one SA among a group also means sharing its keys: compromise of any member exposes all group traffic, and the per-SA sequence number on which ESP anti-replay protection relies can no longer be maintained by a single sender.

Functionality in accordance with the above-described exemplary method may be achieved without physical modification to existing network hardware. Instead, the mobility solution in accordance with the present invention may be implemented through software and/or firmware upgrades.

At this point it should be noted that the technique for maintaining secure network connections in accordance with the present invention as described above typically involves the processing of input data and the generation of output data to some extent. This input data processing and output data generation may be implemented in hardware or software. For example, specific electronic components may be employed in a computer and/or communications network or similar or related circuitry for implementing the functions associated with the mobility solution in accordance with the present invention as described above. Alternatively, one or more processors operating in accordance with stored instructions may implement the functions associated with maintaining secure network connections in accordance with the present invention as described above. If such is the case, it is within the scope of the present invention that such instructions may be stored on one or more processor readable carriers (e.g., a magnetic disk), or transmitted to one or more processors via one or more signals.

The present invention is not to be limited in scope by the specific embodiments described herein. Indeed, other various embodiments of and modifications to the present invention, in addition to those described herein, will be apparent to those of ordinary skill in the art from the foregoing description and accompanying drawings. Thus, such other embodiments and modifications are intended to fall within the scope of the following appended claims. Further, although the present invention has been described herein in the context of a particular implementation in a particular environment for a particular purpose, those of ordinary skill in the art will recognize that its usefulness is not limited thereto and that the present invention can be beneficially implemented in any number of environments for any number of purposes. Accordingly, the claims set forth below should be construed in view of the full breadth and spirit of the present invention as disclosed herein.

The invention claimed is:
1. A method for maintaining secure network connections, the method comprising: duplicating, at a third network element, a security association associated with a secure network connection between a first network element and a second network element, wherein a lookup of the security association associated with the secure network connection is not dependent on any destination address; and in response to detecting failure of the second network element, replacing the second network element with the third network element in the secure network connection with the first network element, wherein the secure network connection between the first network element and the third network element is based on the duplicated security association; and sending at least one secure message from the third network element to the first network element to notify the first network element that the secure network connection will be taken over by the third network element, the third network element communicating with the first network element without the third network element reestablishing another secure network connection with the first network element.
2. A method for maintaining secure network connections, the method comprising: configuring a plurality of security gateways such that a lookup of security associations is not dependent on any destination address; sharing a security association among the plurality of security gateways; a first of the security gateways detecting failure of a second of the security gateways involved in a secure network connection with a network device, wherein the secure network connection is associated with the security association; and in response to detecting the failure, the first security gateway sending a message to the network device that the first security gateway is taking over the secure network connection, the first security gateway communicating with the network device without the first security gateway reestablishing another secure network connection with the network device.
3. A first security server comprising: a transceiver to receive information relating to at least one security association of a secure network connection between a mobile client and a second security server; and a processor module to: monitor operation of the second security server; in response to detecting failure of the second security server, send a message to the mobile client that the first security server is taking over the secure network connection; and communicate with the mobile client using the at least one security association over the secure network connection between the first security server and the mobile client without reestablishing a new secure network connection with the mobile client.
4. The first security server according to claim 3, wherein communications between the mobile client and the first security server are based on a security architecture for the internet protocol (IPsec).
5. The method of claim 1, further comprising: during life of the secure network connection between the first and second network elements, the third network element receiving information relating to the security association of the secure network connection from the second network element.
6. The method of claim 5, wherein the first network element is a mobile client, and the second and third network elements are security servers.
7. The first security server according to claim 3, wherein a lookup of security associations is not dependent on any destination address.
8. The method of claim 1, wherein the first network element is a mobile client, and the second and third network elements are security servers.
9. The first security server of claim 3, wherein information relating to the at least one security association is duplicated at the first and second security servers.
10. The method of claim 2, wherein sharing the security association comprises sharing an IPsec security association among the plurality of security gateways.
11. A third network element comprising: a transceiver; and a processor coupled to the transceiver and configured to: duplicate a security association associated with a secure network connection between a first network element and a second network element, wherein a lookup of the security association associated with the secure network connection is not dependent on any destination address; in response to detecting failure of the second network element, replace the second network element with the third network element in the secure network connection with the first network element, wherein the secure network connection between the first network element and the third network element is based on the duplicated security association; and send, by the third network element, at least one secure message to the first network element to notify the first network element that the secure network connection will be taken over by the third network element, the third network element communicating with the first network element without the third network element reestablishing another secure network connection with the first network element.